HALO 0 Posted March 13, 2014 Share Posted March 13, 2014 Hello everyone, I just want to create a HIPS rule that can block an application that running in C:\users\user\appdata. I want to deploy this configuration via ERA Policy. So I need to specify a path like C:\users\*\appdata\applicationfolder. As I see it, ESET accept only exact path while I am creating HIPS rule. Is there any solution for this? Thank you Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted March 13, 2014 Administrators Share Posted March 13, 2014 Even if wildcards were supported in rules, the %APPDATA% variable wouldn't resolve as expected as it resolves to C:\Windows\system32\config\systemprofile\AppData for the local system account in which ekrn.exe runs. Link to comment Share on other sites More sharing options...
Arakasi 549 Posted March 13, 2014 Share Posted March 13, 2014 (edited) Hello HALO, Instead of using ESET HIPS to prevent malware executables from being run out of the appdata directories, i would create a GPO for your users to combat this. You will have more options using windows. If you need assistance i know the Crypto Prevention Kit has some GPO's for servers and term servers you can import with little effort. Edited March 13, 2014 by Arakasi Link to comment Share on other sites More sharing options...
JAF1979 4 Posted April 22, 2014 Share Posted April 22, 2014 HALO... The same general question was asked at another topic. See link below:https://forum.eset.com/topic/767-how-to-block-an-app/?hl=%2Bblock+%2Bapplication Link to comment Share on other sites More sharing options...
Recommended Posts